New Cloudborne vulnerability exposes cloud servers to potential hacking [siliconangle.com]
After IBM SoftLayer fails to scrub bare-metal box firmware of any lurking spies, alarm raised over cloud server security [www.theregister.co.uk]
Supermicro hardware weaknesses let researchers backdoor an IBM cloud server [arstechnica.com]
Researchers at @eclypsium demonstrate persistent implants on IBM SoftLayer via user-accessible unsecured motherboard management controller, survived server reprovisioning to new customers. https://t.co/9h162NrlPJ
— Kenn White (@kennwhite) February 26, 2019
I guess I wasn't the only one who didn't like that IBM rated this issue as "low" severity while Eclypsium gave it a "critical" rating. I, personally, thought this was a very big issue. https://t.co/LeqoaqfHBY
— Catalin Cimpanu (@campuscodi) February 26, 2019
Our latest research regarding a critical architecture vulnerability with bare metal cloud providers. Attackers may have the ability to install an implant into BMC firmware and persist in cloud infrastructure after deprovisioning: https://t.co/1GlyozgCJA #firmware #baremetal #cloud pic.twitter.com/nh5NnOqohI
— Alex Bazhaniuk (@ABazhaniuk) February 26, 2019
Will be interesting to watch — IBM rated the severity "low", while Eclypsium assigned a 9.3 "critical" CVE 3. Solid work by @ABazhaniuk and team. https://t.co/0OJ2ehreNr
— Kenn White (@kennwhite) February 26, 2019
Hey @AWSSecurityInfo can you confirm that checking for and patching against malicious firmware backdoors would fall on your side of the shared responsibility model? https://t.co/lsu8VVyJ8a
— Scott Piper (@0xdabbad00) February 26, 2019
https://t.co/cLzuGHX2Ur doesn't really inspire confidence in IBM Cloud. Bare metal servers with off-the-shelf BMC and no re-flashing for redeployment?
— Felix Wilhelm (@_fel1x) February 26, 2019
Supermicro hardware weaknesses let researchers backdoor an IBM cloud server https://t.co/yrjfjKQVXY
— HD Moore (@hdmoore) February 26, 2019
Hey @dangoodin001 and @arstechnica. I don't think you made the case that this is a hardware weakness tbh. This is a process weakness. If you can take actions that are specifically ALLOWED by the vendor, and they don't clean up, that's not a hw problem. https://t.co/3ke5UG5rHN
— Carmen Crincoli ⭐️ (@CarmenCrincoli) February 26, 2019
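An incident showing that, even in the cloud, something too raw can sometimes cause an upset stomach. Who would have thought someone would swap out the firmware of bare metal, where you rent the machine raw. The Baseboard Management Controller (BMC), which lets you configure machine settings such as server firmware even while the server is powered off, is a double-edged sword.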
— Goodhyun 김국현 (@goodhyun) February 27, 2019
https://t.co/1we11pa9zC
After IBM SoftLayer fails to scrub bare-metal box firmware of any lurking spies, alarm raised over cloud server security https://t.co/1JyBM2Gezq
— martin_casado (@martin_casado) February 26, 2019
Cloud providers renting out bare-metal servers must make sure they scrub every last byte of writable storage on their boxes between deployments. Find out why in @TheRegister article: https://t.co/QN9pIQzq5U
— Eclypsium (@eclypsium) February 26, 2019
A Supermicro hardware vulnerability allows researchers to backdoor an IBM cloud server. According to @arstechnica, other bare-metal cloud computing providers also may be at risk to BMC (baseboard management controller) attacks. https://t.co/2uwQ2Vm3sw
— linuxjournal (@linuxjournal) February 26, 2019
Cloud servers are easy to hack, even when they are dedicated servers. This could be a big problem. https://t.co/KF0MbzLQLZ
— Robert Geller (@rjgeller) February 26, 2019
Supermicro hardware weaknesses let researchers backdoor an IBM cloud server https://t.co/tMpV79bXdt
— Frank Denis (@jedisct1) February 26, 2019